How to execute lua once a DLL is injected?
Posted
I've gotten a fully working DLL in C which can be injected into ROBLOX. I can edit memory (edit the values at addresses in memory), but I was wondering how I could utilize this to execute Luau scripts in ROBLOX.
Does anyone know where to get started with this?
Contribute to Express, an open-source ROBLOX exploit written fully in C.
Replied
Hello
Ignore my grammar, brah.
When you don't understand something, DM me: NASC#8366
So
Simply put, we only have to get all the functions we need to execute scripts, which are in the open-sourced Luau source, so we only have to find them, right?
For a simple exploit you need the functions:
luau_load
(a function that calls code, like): (Luau) lua_pcall, (RBX) spawn, (RBX) task.defer
Isn't that hard, right?
Now comes the hard stuff. We need to get the lua_State. They randomize all offsets every update, so using the Luau source won't help until you also change the offsets in the source (I don't recommend doing that; it's a bit hard).
Roblox also secured the strings, so IDA will fail at analyzing xrefs from strings. They do 0x65436-0x546573 is the string, for example, so we have to write a decryptor. I already made one; I won't leak it, but DM me on Discord and I can send it to you. It's an IDA script.
How to get the Lua state?
There isn't really a pointer to it; it's secured. It's a property of ScriptContext. They do *(DWORD*)(like script_context + 0x40) * 0x34654, for example, to get the Lua state. There is a function called GetLuaState(DWORD scriptcontext, int* type=0) that returns the Lua state, but now we need the script context.
How to get the script context?
It's an offset of WaitingHybridScriptsJob (or however it was called).
How to get WaitingHybridScriptsJob?
It's a job, so we need to get the jobs and loop through all the jobs until one matches the name we need.
How to get the jobs?
It's an offset of the Task Scheduler.
How to get the Task Scheduler?
There is a function called getTaskScheduler. How to get it? There are strings that lead to it. One string is "FrameTime" or "FrameItem"; then go one call up, and the only call in that function is getTaskScheduler.
So now we have everything, right?
Nope, there is still Retcheck. It triggers when you call a function from a location that isn't in a certain range. To bypass it, patch it or change the location you call the function from. How to do that? Just get lua_getfield, decompile it and scroll down; you can see there is something like
if(retaddr < 0xf43656 && retaddr > 0x55656)
{
TriggerRetcheck()
}
So use your brain to bypass it. That's also just an example; the 0x55656 isn't the real address in that function.
I hope this helped you. If you still need help because I explained something in a trashy way, DM me.
Replied
This definitely opened tons of doors to understanding how to execute Lua in ROBLOX using a DLL as the memory-editing method.
Thanks!